Skip to content

GitHub Actions — Trivia & Interesting Facts

Surprising, historical, and little-known facts about GitHub Actions.

GitHub Actions launched by acquiring a CI/CD startup

GitHub Actions was publicly launched in November 2019, but the technology was partly based on GitHub's 2018 acquisition of HCL (originally called "actions" internally). The timing was significant — Microsoft had acquired GitHub for $7.5 billion in June 2018 and gave them the resources to build a full CI/CD platform.

Actions disrupted the CI/CD market within 12 months

Within one year of launch, GitHub Actions captured significant market share from established CI/CD providers. CircleCI, Travis CI, and others saw migration waves. Travis CI, once the dominant CI platform for open-source projects, lost so much market share that it laid off most of its engineering team in 2020.

The YAML workflow syntax was controversial from day one

GitHub Actions uses YAML for workflow definitions, which immediately generated debate. The first version of Actions (2018) used HCL (HashiCorp Configuration Language). GitHub switched to YAML for the public release, citing broader familiarity. Many developers still find the YAML syntax verbose and error-prone, particularly for complex conditional logic.

GitHub-hosted runners use Azure virtual machines

GitHub Actions' hosted runners run on Microsoft Azure infrastructure (unsurprisingly, given Microsoft owns GitHub). Standard runners are 2-core VMs with 7GB RAM and 14GB SSD. Many teams don't realize they're running on Azure, which occasionally matters for network latency to non-Azure cloud resources.

Self-hosted runners are a security risk that many teams underestimate

GitHub's documentation explicitly warns that self-hosted runners on public repositories are a security risk because any fork can trigger workflow runs on your infrastructure. Despite this warning, security researchers regularly find organizations running self-hosted runners on public repos, enabling attackers to execute arbitrary code on internal networks.

The Actions Marketplace has over 20,000 actions

The GitHub Actions Marketplace exceeded 20,000 published actions by 2024. However, quality varies enormously — many actions are unmaintained, have security vulnerabilities, or run arbitrary code from third-party authors. The practice of pinning actions to specific SHA commits (instead of version tags) became a security best practice after supply chain attacks targeted popular actions.

actions/checkout is the most-used action, with billions of executions

The actions/checkout action, which clones your repository into the runner, is the most commonly used action in existence. It's used in virtually every workflow and has been executed billions of times. Despite its simplicity, it's been through multiple major versions addressing performance, submodules, and sparse checkout optimizations.

Matrix builds can generate hundreds of jobs from a few lines of YAML

GitHub Actions' matrix strategy can dynamically generate hundreds of parallel jobs from a compact YAML definition. A single workflow testing 5 operating systems, 4 language versions, and 3 dependency versions creates 60 parallel jobs. This replaced CI configurations that used to require hundreds of lines of repetitive YAML.

Workflow concurrency controls were added after users crashed their own infrastructure

GitHub added the concurrency key to workflows after users reported that rapid pushes to a branch could trigger dozens of simultaneous deployments, overwhelming their infrastructure. The concurrency feature allows canceling in-progress runs when a new run starts, preventing deployment storms.

GitHub Actions is free for public repositories — and this changed open source

GitHub Actions provides unlimited free minutes for public repositories. This effectively made CI/CD a free commodity for open-source projects. Before this, open-source maintainers had to apply for free tiers from Travis CI, CircleCI, or others. The free Actions tier lowered the barrier to quality CI/CD for thousands of projects.